comment on

Some systems (e.g. Linux) do not allow suid scripts. You can set the suid bit on the file, but the system will just ignore it and run the script without switching users. The reasoning is that shell scripts are very insecure and allowing them to work results in more harm than good.

The main thing that suidperl did was allow suid Perl scripts to work even on systems that operate this way.

There is always the danger of a user trying to escape to a shell. That is one of the big reasons that suid shell scripts are disallowed on those systems. The idea behind taint mode is that it will help the programmer to reduce that risk by keeping track of things that come from user input. If the program never uses any input, it can't do anything unexpected (but it might not be able to do anything useful either).

In reply to Re: Re: Re: Future security worries? by bunnyman
in thread Future security worries? by skx

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.